Are there any configuration examples for NAT over VPN tunnel? The application in question is VPN access to some some servers at a city agency that require a VPN tunnel. Access also requires NATing our office IP scope with an address provided by the city agency to comply with their policy/access list. So the path would look something like
192.168.20.0/24 --> NAT (10.224.1.1) -> VPN Tunnel -> Server IP 161.185.12.2
thanks,
Paolo
- Thanks for posting your question on the forum!
The important thing to remember when configuring this application is mainly 2 points:
1. The VPN selectors must match what the source and destination IP will be AFTER the traffic has been NATted.
2. Instead of having an ALLOW in your firewall rules for VPN traffic, you will need to configure NATs for this traffic.
The following thread has an example configuration in it that you may find helpful:
Also, example #2 in the guide below has a similar setup with a sample configuration as well:
Please do not hesitate to let us know if you have any questions.
Thanks,
Noor
- Thanks for posting your question on the forum!
The important thing to remember when configuring this application is mainly 2 points:
1. The VPN selectors must match what the source and destination IP will be AFTER the traffic has been NATted.
2. Instead of having an ALLOW in your firewall rules for VPN traffic, you will need to configure NATs for this traffic.
The following thread has an example configuration in it that you may find helpful:
Also, example #2 in the guide below has a similar setup with a sample configuration as well:
Please do not hesitate to let us know if you have any questions.
Thanks,
Noor
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Noor